azorult | 5d21ac6bca0ba98cba5930bc0ad3bc702615c3169f8fd73535f920adb8f547b3 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase Order.exe

windows7_x64

Purchase Order.exe

windows10_x64

Sharing

General

Target

Purchase Order.exe
Size

248KB
Sample

200630-2t9nwz56ma
MD5

47d75d97c84b7f0381f7397c2234ac07
SHA1

c8d49410da62c0e7dd37b5f6403b03be0eb71857
SHA256

5d21ac6bca0ba98cba5930bc0ad3bc702615c3169f8fd73535f920adb8f547b3
SHA512

f506c875b97f7693eecaa9a03dcf8b3e9ad98c809bda1e45599e052331b80df4ee3b9a79b64f2347d6f61bdfde95f647a1389922ac6afb6ff87ce1e55c9c3f14

Score

10^/10

azorult discovery infostealer spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order.exe

Resource

win7

discovery trojan infostealer azorult spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order.exe

Resource

win10v200430

trojan infostealer azorult

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

azorult

C2

https://www.nirjhara.com/mine/32/index.php

Targets

- Target
  
  Purchase Order.exe
- Size
  
  248KB
- MD5
  
  47d75d97c84b7f0381f7397c2234ac07
- SHA1
  
  c8d49410da62c0e7dd37b5f6403b03be0eb71857
- SHA256
  
  5d21ac6bca0ba98cba5930bc0ad3bc702615c3169f8fd73535f920adb8f547b3
- SHA512
  
  f506c875b97f7693eecaa9a03dcf8b3e9ad98c809bda1e45599e052331b80df4ee3b9a79b64f2347d6f61bdfde95f647a1389922ac6afb6ff87ce1e55c9c3f14
Score

10^/10

discovery trojan infostealer azorult spyware
- Azorult
  An information stealer that was first discovered in 2016, targeting browsing history and passwords.
  trojan infostealer azorult
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverytrojaninfostealerazorultspyware

behavioral2

trojaninfostealerazorult

© 2018-2024

Terms | Privacy